

bob2N
Everything posted by bob2N
Need help. Report inside
bob2N replied to a topic by bob2N in Malware Analysis and Eradication
I expected that ^^. The config, if you can even call it a config since it's not very powerful, but for what my brother uses it for it's enough. I've already backed everything up onto my PC in case one day the machine won't turn on any more; he'll buy himself a brand-new computer and this time I'll be more vigilant about what he does with it. Thanks again for your help. PS: I have some questions that are more or less related to computing, could we go over them by PM if possible?
Need help. Report inside
bob2N replied to a topic by bob2N in Malware Analysis and Eradication
Can't start in safe mode; blue screen telling me to check for viruses or check my hard drive :/ The antivirus I had already uninstalled. For Antivir, the install starts and then closes. I could maybe switch it to Vista, I have the CDs from my laptops.
Need help. Report inside
bob2N replied to a topic by bob2N in Malware Analysis and Eradication
It worked with your link, thanks. The report:
02:35:34:018 2204 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
02:35:34:018 2204 ================================================================================
02:35:34:018 2204 SystemInfo:
02:35:34:028 2204 OS Version: 5.1.2600 ServicePack: 1.0
02:35:34:028 2204 Product type: Workstation
02:35:34:028 2204 ComputerName: GRIEZ-BX0K7RQPO
02:35:34:058 2204 UserName: Griez
02:35:34:058 2204 Windows directory: C:\WINDOWS
02:35:34:058 2204 Processor architecture: Intel x86
02:35:34:058 2204 Number of processors: 1
02:35:34:058 2204 Page size: 0x1000
02:35:34:068 2204 Boot type: Normal boot
02:35:34:068 2204 ================================================================================
02:35:34:418 2204 UnloadDriverW: NtUnloadDriver error 2
02:35:34:418 2204 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
02:35:35:209 2204 wfopen_ex: Trying to open file C:\WINDOWS\System32\config\system
02:35:35:209 2204 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
02:35:35:209 2204 wfopen_ex: Trying to KLMD file open
02:35:35:209 2204 wfopen_ex: File opened ok (Flags 2)
02:35:35:209 2204 wfopen_ex: Trying to open file C:\WINDOWS\System32\config\software
02:35:35:209 2204 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
02:35:35:209 2204 wfopen_ex: Trying to KLMD file open
02:35:35:209 2204 wfopen_ex: File opened ok (Flags 2)
02:35:35:209 2204 KLAVA engine initialized
02:35:36:061 2204 Initialize success
02:35:36:061 2204
02:35:36:061 2204 Scanning Services ...
02:35:37:202 2204 Raw services enum returned 302 services
02:35:37:232 2204
02:35:37:232 2204 Scanning Drivers ...
02:36:24:070 2204
02:36:24:070 2204 Completed
02:36:24:070 2204
02:36:24:080 2204 Results:
02:36:24:090 2204 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
02:36:24:090 2204 File objects infected / cured / cured on reboot: 0 / 0 / 0
02:36:24:090 2204
02:36:24:090 2204 fclose_ex: Trying to close file C:\WINDOWS\System32\config\system
02:36:24:110 2204 fclose_ex: Trying to close file C:\WINDOWS\System32\config\software
02:36:24:150 2204 KLMD(ARK) unloaded successfully
Need help. Report inside
bob2N replied to a topic by bob2N in Malware Analysis and Eradication
For the record, originally there was a genuine XP on the machine; the hard drive died, I replaced it but couldn't get hold of the XP CD any more, so I grabbed a cracked copy. As for IE, I didn't know, thanks.
Need help. Report inside
bob2N replied to a topic by bob2N in Malware Analysis and Eradication
Thanks for the links, I'll try as soon as possible. For SP1 there's nothing I can do about it, and he doesn't use IE, he prefers Firefox ^^
Need help. Report inside
bob2N replied to a topic by bob2N in Malware Analysis and Eradication
Page not found for TDSSKiller. RSIT report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Griez at 2010-05-17 18:35:49
Microsoft Windows XP Professionnel Service Pack 1
System drive C: has 53 GB (67%) free of 79 GB
Total RAM: 190 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:19, on 17/05/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Griez\Bureau\RSIT.exe
C:\Documents and Settings\Griez\Mes documents\alain.griez\Griez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Pack Sécurité.lnk = C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Griez\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6720 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 325864]
"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2006-04-02 458801]
"F-Secure Startup Wizard"=C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE [2006-09-01 794624]
"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2006-09-01 671744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 163840]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2009-09-16 6677872]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Pack Sécurité.lnk - C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"
"C:\Program Files\Microsoft Works\WksSb.exe"="C:\Program Files\Microsoft Works\WksSb.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe:*:Enabled:ipsec"
"C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Works\wkfud.exe"="C:\Program Files\Microsoft Works\wkfud.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\dwwin.exe"="C:\WINDOWS\System32\dwwin.exe:*:Enabled:ipsec"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe:*:Enabled:ipsec"
"C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe:*:Enabled:ipsec"
"C:\Program Files\Search Settings\SearchSettings.exe"="C:\Program Files\Search Settings\SearchSettings.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\CF31222.exe"="C:\WINDOWS\system32\CF31222.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\usnsvc.exe"="C:\Program Files\MSN Messenger\usnsvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhpa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhpa.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\nvsud.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nvsud.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité" ======List of files/folders created in the last 1 months====== 2010-05-10 17:58:14 ----D---- C:\tdsskiller 2010-05-09 23:17:14 ----D---- C:\Program Files\MAKEMSI Package Documentation 2010-05-09 23:17:08 ----D---- C:\Program Files\Vilma 2010-05-09 03:27:56 ----A---- C:\WINDOWS\IE4 Error Log.txt 2010-05-03 23:24:28 ----D---- C:\Documents and Settings\All Users\Application Data\Sun 2010-05-03 23:06:35 ----SHD---- C:\RECYCLER 2010-05-03 23:06:20 ----D---- C:\_OTM 2010-04-29 01:10:15 ----A---- C:\Ad-Report-CLEAN[2].txt 2010-04-29 00:40:29 ----A---- C:\Ad-Report-SCAN[2].txt 2010-04-28 00:02:53 ----D---- C:\rsit 2010-04-26 01:32:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-24 19:27:46 ----A---- C:\lopR.txt 2010-04-24 19:27:08 ----D---- C:\Lop SD 2010-04-24 18:46:36 ----A---- C:\Ad-Report-CLEAN[1].txt 2010-04-24 18:09:26 
----A---- C:\Ad-Report-SCAN[1].txt 2010-04-24 18:08:26 ----D---- C:\Ad-Remover ======List of files/folders modified in the last 1 months====== 2010-05-17 13:59:26 ----D---- C:\Program Files\Mozilla Firefox 2010-05-17 13:50:44 ----D---- C:\WINDOWS\Temp 2010-05-17 13:49:00 ----D---- C:\WINDOWS\System32\drivers 2010-05-17 01:06:33 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-14 12:14:15 ----D---- C:\WINDOWS\Prefetch 2010-05-14 12:14:13 ----D---- C:\WINDOWS 2010-05-09 23:17:38 ----D---- C:\WINDOWS\system32 2010-05-09 23:17:21 ----SHD---- C:\WINDOWS\Installer 2010-05-09 23:17:21 ----D---- C:\Config.Msi 2010-05-09 23:17:14 ----RD---- C:\Program Files 2010-05-03 23:35:55 ----D---- C:\Program Files\Java 2010-05-03 23:24:25 ----D---- C:\Program Files\Fichiers communs\Java 2010-05-03 23:02:50 ----D---- C:\WINDOWS\System32\Restore 2010-05-03 23:01:08 ----D---- C:\WINDOWS\ERDNT 2010-05-02 22:49:36 ----D---- C:\WINDOWS\Minidump 2010-04-29 19:47:41 ----D---- C:\WINDOWS\System32\CatRoot2 2010-04-29 19:39:16 ----A---- C:\WINDOWS\system.ini 2010-04-29 19:31:35 ----D---- C:\WINDOWS\System32\config 2010-04-29 19:27:42 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-04-29 19:23:04 ----D---- C:\WINDOWS\AppPatch 2010-04-29 19:22:55 ----D---- C:\Program Files\Fichiers communs 2010-04-29 00:25:06 ----RSHDC---- C:\WINDOWS\System32\dllcache 2010-04-27 17:33:17 ----RD---- C:\WINDOWS\Offline Web Pages 2010-04-24 02:01:45 ----SD---- C:\Documents and Settings\Griez\Application Data\Microsoft 2010-04-20 10:14:38 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [] R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys [] R2 F-Secure 
Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [] R3 abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys [] R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 USB_RNDIS;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-28 11136] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328] S3 catchme;catchme; \??\C:\DOCUME~1\Griez\LOCALS~1\Temp\catchme.sys [] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 usbccgp;Pilote parent 
générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\System32\ZDCndis5.SYS [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-08-29 69376] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BackWeb Plug-in - 361343;Pack Sécurité; C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE [2008-03-07 32807] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 151552] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768] S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-08-29 24064] -----------------EOF----------------- -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
Good evening, I haven't been able to spend much time on the computer because of personal problems... Still the same problem with tdsskiller. The mbam report:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4040

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

16/05/2010 03:46:41
mbam-log-2010-05-16 (03-46-41).txt

Scan type: Quick scan
Objects scanned: 100716
Time elapsed: 3 hour(s), 56 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
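The two artefacts that recur across these logs are worth pulling out mechanically rather than by eye: the HKCU Policies\System values that MBAM flags above as Hijack.Regedit / Hijack.TaskManager (the reason regedit and Task Manager come back as "blocked by the administrator"), and the Windows Firewall AuthorizedApplications list in the RSIT registry dumps, where dozens of randomly named executables under the user's Temp directory have been granted inbound exceptions. The following Python script is an added triage example written for this page; it is not code from RSIT, MBAM or anyone in the thread. It parses a constructed excerpt in the same layout as the RSIT "Registry dump" section; the helper names, the LOCKOUT_POLICIES set and the rule that any path under a Temp directory is suspect are my assumptions.

```python
"""Triage an RSIT-style 'Registry dump' for two artefacts seen in this thread.

Added example; not RSIT, MBAM or forum code.  It reports:
  * Policies\System values that lock the user out of regedit / Task Manager
    (DisableRegistryTools=1, DisableTaskMgr=1), and
  * Windows Firewall AuthorizedApplications exceptions whose executable sits
    in a Temp directory, the pattern behind the run of random win*.exe entries.
"""
import re
from dataclasses import dataclass, field

# Policy values a home user has no reason to set themselves (assumed list).
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "DisableCMD"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')  # "Name"=data
# Heuristic (assumption): the 8.3 short form LOCALS~1\Temp used in the log,
# or any other \Temp\ component, marks a location no legitimate service lives in.
TEMP_DIR_RE = re.compile(r"\\(?:temp|locals~1)\\", re.IGNORECASE)


@dataclass
class Findings:
    lockout_policies: list = field(default_factory=list)  # (registry key, value name)
    temp_exceptions: list = field(default_factory=list)   # executable paths
    enabled_exceptions: int = 0                            # every enabled exception seen


def parse_firewall_rule(data: str):
    """Split 'path:scope:Enabled:label' as stored under AuthorizedApplications\\List.

    The path itself contains a colon (C:\\...), so the split runs from the right.
    Returns (path, scope, state, label) or None when the value is not in that shape.
    """
    parts = data.strip().strip('"').rsplit(":", 3)
    if len(parts) != 4:
        return None
    return tuple(parts)


def triage(dump: str) -> Findings:
    """Walk the dump line by line, remembering the current [key] as context."""
    findings = Findings()
    key = ""
    for raw in dump.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if key.endswith(r"\policies\system"):
            if name in LOCKOUT_POLICIES and data == "1":
                findings.lockout_policies.append((key, name))
        elif key.endswith(r"\authorizedapplications\list"):
            rule = parse_firewall_rule(data)
            if rule is None or rule[2].lower() != "enabled":
                continue
            findings.enabled_exceptions += 1
            if TEMP_DIR_RE.search(rule[0]):
                findings.temp_exceptions.append(rule[0])
    return findings


# Constructed excerpt in the layout of the RSIT dump above (not the full log).
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\CF31222.exe"="C:\WINDOWS\system32\CF31222.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"
"""

if __name__ == "__main__":
    found = triage(SAMPLE_DUMP)
    for reg_key, value_name in found.lockout_policies:
        print(f"lockout policy: {value_name}=1 under {reg_key}")
    print(f"enabled firewall exceptions: {found.enabled_exceptions}")
    for path in found.temp_exceptions:
        print(f"Temp-directory firewall exception: {path}")
```

Each AuthorizedApplications entry is an inbound exception the XP firewall honours for that exact path, so a long run of randomly named executables under Temp means something kept dropping a fresh copy and registering it; the entries outlive the files, which is why the same list shows up unchanged in both RSIT logs. The script only triages the dump, it does not clean anything, and on this machine (cracked XP SP1, Task Manager and regedit policy-locked, MBAM and TDSSKiller both hampered) it mainly confirms the thread's own read that the system is not worth repairing in place.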
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
Hi again, sorry I couldn't reply earlier. "Click Find (Search), type DisableRegistry": I can't do that, no action is possible in "Find". Next: "once that is done: My Computer -> Tools -> Folder Options -> View. Check "Show hidden files and folders". Uncheck "Hide extensions for known file types" as well as "Hide protected operating system files" --> a message says this may damage the system; ignore it and confirm with Yes." I have a.exe on the desktop; the computer was already infected by this thing before, I thought I had managed to get rid of it back then :s So I didn't go any further, you never know^^
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
GMER crashes as soon as it opens; the computer is toast.
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
no :/
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
c:\program files\search settings\searchsettings.exe <= the folder/file does not exist. The "repare.vbs" document doesn't open; it loads for 1 second and then nothing.
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
The antivirus still doesn't work, blocked by the administrator like the task manager; otherwise it's fine. I may have forgotten to say that Windows was a cracked copy :s

edit: the scan

Logfile of random's system information tool 1.06 (written by random/random)
Run by Griez at 2010-05-04 18:58:47
Microsoft Windows XP Professionnel Service Pack 1
System drive C: has 53 GB (67%) free of 79 GB
Total RAM: 190 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:15, on 04/05/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Griez\Bureau\RSIT.exe
C:\Documents and Settings\Griez\Mes documents\alain.griez\Griez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Pack Sécurité.lnk = C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Block this pop-up window - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Griez\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6720 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 325864]
"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2006-04-02 458801]
"F-Secure Startup Wizard"=C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE [2006-09-01 794624]
"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2006-09-01 671744]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 163840]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2009-09-16 6677872]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Pack Sécurité.lnk - C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"
"C:\Program Files\Microsoft Works\WksSb.exe"="C:\Program Files\Microsoft Works\WksSb.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe:*:Enabled:ipsec"
"C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Works\wkfud.exe"="C:\Program Files\Microsoft Works\wkfud.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\dwwin.exe"="C:\WINDOWS\System32\dwwin.exe:*:Enabled:ipsec"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe:*:Enabled:ipsec"
"C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe:*:Enabled:ipsec"
"C:\Program Files\Search Settings\SearchSettings.exe"="C:\Program Files\Search Settings\SearchSettings.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\CF31222.exe"="C:\WINDOWS\system32\CF31222.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\usnsvc.exe"="C:\Program Files\MSN Messenger\usnsvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhpa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhpa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\nvsud.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nvsud.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"

======List of files/folders created in the last 1 months======
2010-05-03 23:24:28 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-05-03 23:06:35 ----SHD---- C:\RECYCLER
2010-05-03 23:06:20 ----D---- C:\_OTM
2010-04-29 01:10:15 ----A---- C:\Ad-Report-CLEAN[2].txt
2010-04-29 00:40:29 ----A---- C:\Ad-Report-SCAN[2].txt
2010-04-28 00:02:53 ----D---- C:\rsit
2010-04-26 01:32:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-25 18:29:36 ----D---- C:\tdsskiller
2010-04-24 19:27:46 ----A---- C:\lopR.txt
2010-04-24 19:27:08 ----D---- C:\Lop SD
2010-04-24 18:46:36 ----A---- C:\Ad-Report-CLEAN[1].txt
2010-04-24 18:09:26 ----A---- C:\Ad-Report-SCAN[1].txt
2010-04-24 18:08:26 ----D---- C:\Ad-Remover

======List of files/folders modified in the last 1 months======
2010-05-04 13:56:50 ----D---- C:\Program 
Files\Mozilla Firefox 2010-05-04 13:43:09 ----D---- C:\WINDOWS\Temp 2010-05-04 13:41:30 ----D---- C:\WINDOWS\System32\drivers 2010-05-03 23:54:17 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-03 23:40:47 ----D---- C:\WINDOWS\system32 2010-05-03 23:35:55 ----D---- C:\Program Files\Java 2010-05-03 23:24:29 ----D---- C:\WINDOWS\Prefetch 2010-05-03 23:24:28 ----SHD---- C:\WINDOWS\Installer 2010-05-03 23:24:27 ----D---- C:\Config.Msi 2010-05-03 23:24:25 ----D---- C:\Program Files\Fichiers communs\Java 2010-05-03 23:02:50 ----D---- C:\WINDOWS\System32\Restore 2010-05-03 23:01:33 ----D---- C:\WINDOWS 2010-05-03 23:01:07 ----D---- C:\WINDOWS\ERDNT 2010-05-02 22:49:36 ----D---- C:\WINDOWS\Minidump 2010-04-29 19:47:41 ----D---- C:\WINDOWS\System32\CatRoot2 2010-04-29 19:39:16 ----A---- C:\WINDOWS\system.ini 2010-04-29 19:31:35 ----D---- C:\WINDOWS\System32\config 2010-04-29 19:27:42 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-04-29 19:23:04 ----D---- C:\WINDOWS\AppPatch 2010-04-29 19:22:55 ----D---- C:\Program Files\Fichiers communs 2010-04-29 00:25:06 ----RSHDC---- C:\WINDOWS\System32\dllcache 2010-04-27 17:33:17 ----RD---- C:\WINDOWS\Offline Web Pages 2010-04-26 01:32:30 ----RD---- C:\Program Files 2010-04-24 02:01:45 ----SD---- C:\Documents and Settings\Griez\Application Data\Microsoft 2010-04-20 10:14:38 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [] R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys [] R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [] R3 abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys [] R3 
ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 USB_RNDIS;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-28 11136] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328] S3 catchme;catchme; \??\C:\DOCUME~1\Griez\LOCALS~1\Temp\catchme.sys [] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 
19840] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\System32\ZDCndis5.SYS [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-08-29 69376] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BackWeb Plug-in - 361343;Pack Sécurité; C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE [2008-03-07 32807] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 151552] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768] S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-08-29 24064] -----------------EOF----------------- -
need help. report inside
bob2N replied to a topic by bob2N in Analyses et éradication malwares
OTM report:
23:14 03/05/2010

All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder c:\program files\search settings\searchsettings.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableTaskMgr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableRegistryTools not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableTaskMgr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableRegistryTools not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Griez
->Temp folder emptied: 4993567 bytes
->Temporary Internet Files folder emptied: 98706 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35000189 bytes
->Flash cache emptied: 2454 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254976 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 39,00 mb

OTM by OldTimer - Version 3.1.12.0 log created on 05032010_230620
Files moved on Reboot...
Registry entries deleted on Reboot...
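A triage script for the kind of RSIT registry dump pasted in this thread, added here as an example; it is not part of the original posts, nor code from RSIT, HijackThis or OTM. It walks the dump line by line and flags three things a helper would want to see first: Task Manager / registry-editor lockout values, reported together with the exact key they live under (the OTM run above searched Policies\Explorer and found nothing, while the RSIT dump of 2010-05-02 further down this page shows DisableTaskMgr=1 and DisableRegistryTools=1 under Policies\System); enabled firewall exceptions whose executable lives in a Temp directory (the pattern that fills the AuthorizedApplications list above); and drivers RSIT lists without a file date and size, rated highest when the image sits in System32\drivers under a name that does not match its service name (abp470n5 / sinkhg.sys above). The line formats are those of the posted logs; the severity scale, the Finding type and the heuristics themselves are this example's own assumptions, and the sample input is a constructed excerpt of the posted entries.

```python
"""Triage of an RSIT-style registry dump: lockout policies, firewall exceptions, drivers.

Added example for this thread; not part of RSIT, OTM or the posted logs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: entries copied from the RSIT logs posted in this thread,
# trimmed so that each check below fires at least once.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"EnableLUA"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe:*:Enabled:ipsec"
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320]
R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []
R3 abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Griez\LOCALS~1\Temp\catchme.sys []
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Lockout values RSIT prints as "Name"=<number>; DisableRegedit is the name HijackThis uses (O7).
POLICY_RE = re.compile(r'^"(?P<name>DisableTaskMgr|DisableRegistryTools|DisableRegedit)"=(?P<val>\d+)$')
# XP firewall AuthorizedApplications value: <path>:<scope>:<Enabled|Disabled>:<display name>
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]+)"$')
# RSIT driver/service line: <R|S><start> <name>;<description>; <image path> [<date size>]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
SYSTEM_DRIVERS_RE = re.compile(r"\\windows\\system32\\drivers\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM or LOW (this example's own scale)
    kind: str      # policy, firewall or driver
    item: str      # registry value path, executable or driver image
    reason: str


def check_policy_entry(line: str, current_key: str) -> Optional[Finding]:
    m = POLICY_RE.match(line)
    if not m or m.group("val") == "0":
        return None
    return Finding("HIGH", "policy", current_key + "\\" + m.group("name"),
                   "Task Manager / registry editor lockout set; a fix script must name this exact key")


def check_firewall_entry(line: str) -> Optional[Finding]:
    m = FIREWALL_RE.match(line)
    if not m:
        return None
    parts = m.group("value").rsplit(":", 3)  # the path itself contains "C:"
    if len(parts) != 4 or parts[2].lower() != "enabled":
        return None
    path = parts[0]
    if TEMP_DIR_RE.search(path):
        return Finding("HIGH", "firewall", path,
                       "enabled inbound exception for an executable living in a Temp directory")
    return None


def check_driver_entry(line: str) -> Optional[Finding]:
    m = DRIVER_RE.match(line)
    if not m or m.group("meta").strip():
        return None  # RSIT recorded a date and size, so the image was readable
    name, path = m.group("name"), m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]  # drop the NT object-manager prefix
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if TEMP_DIR_RE.search(path):
        return Finding("MEDIUM", "driver", path,
                       f"service '{name}' loads a driver from a Temp directory; no file metadata")
    if SYSTEM_DRIVERS_RE.search(path) and stem.lower() != name.lower():
        return Finding("HIGH", "driver", path,
                       f"service '{name}' loads '{stem}.sys' (name mismatch) and the file has no metadata")
    return Finding("LOW", "driver", path,
                   f"service '{name}': no file date/size recorded; confirm the image exists")


def triage(log_text: str) -> List[Finding]:
    """Walk the dump line by line, remembering the current registry key for value lines."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        f = (check_policy_entry(line, current_key)
             or check_firewall_entry(line)
             or check_driver_entry(line))
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"{f.severity:<6} {f.kind:<8} {f.item}\n       {f.reason}")
```

Run it against a full RSIT log (replace SAMPLE_LOG with the file's contents) to get the findings sorted by severity. The policy finding carries the hive path it was seen under, which is the path a cleanup script has to target; a "not found" result against a different key, as in the OTM report above, does not mean the value is gone. The firewall and driver checks only read what RSIT already dumped, so a driver whose file RSIT could not stat is reported for review, not declared malicious.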
need help. report inside
bob2N replied to a topic by bob2N in Analyses et éradication malwares
Good evening, I only got one RSIT log this time, is that normal??

Logfile of random's system information tool 1.06 (written by random/random)
Run by Griez at 2010-05-02 23:33:27
Microsoft Windows XP Professionnel Service Pack 1
System drive C: has 49 GB (63%) free of 79 GB
Total RAM: 190 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:52, on 02/05/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Griez\Bureau\RSIT.exe
C:\Documents and Settings\Griez\Mes documents\alain.griez\Griez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Pack Sécurité.lnk = C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Griez\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7007 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-07 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-07 538008]
"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2006-04-02 458801]
"F-Secure Startup Wizard"=C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE [2006-09-01 794624]
"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2006-09-01 671744]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 163840]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2009-09-16 6677872]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Pack Sécurité.lnk - C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"
"C:\Program Files\Microsoft Works\WksSb.exe"="C:\Program Files\Microsoft Works\WksSb.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe:*:Enabled:ipsec"
"C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Works\wkfud.exe"="C:\Program Files\Microsoft Works\wkfud.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\dwwin.exe"="C:\WINDOWS\System32\dwwin.exe:*:Enabled:ipsec"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe:*:Enabled:ipsec"
"C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe:*:Enabled:ipsec"
"C:\Program Files\Search Settings\SearchSettings.exe"="C:\Program Files\Search Settings\SearchSettings.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\CF31222.exe"="C:\WINDOWS\system32\CF31222.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\usnsvc.exe"="C:\Program Files\MSN Messenger\usnsvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhpa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhpa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Griez\LOCALS~1\Temp\nvsud.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nvsud.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"

======List of files/folders created in the last 1 months======
2010-04-29 19:07:29 ----A---- C:\WINDOWS\PEV.exe
2010-04-29 19:07:29 ----A---- C:\WINDOWS\MBR.exe
2010-04-29 19:06:47 ----D---- C:\11635-CF
2010-04-29 19:06:16 ----D---- C:\Qoobox
2010-04-29 01:10:15 ----A---- C:\Ad-Report-CLEAN[2].txt
2010-04-29 00:40:29 ----A---- C:\Ad-Report-SCAN[2].txt
2010-04-28 00:02:53 ----D---- C:\rsit
2010-04-26 01:32:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-25 18:29:36 ----D---- C:\tdsskiller
2010-04-24 19:27:46 ----A---- C:\lopR.txt
2010-04-24 19:27:08 ----D---- C:\Lop SD
2010-04-24 18:46:36 ----A---- C:\Ad-Report-CLEAN[1].txt
2010-04-24 18:09:26 ----A---- C:\Ad-Report-SCAN[1].txt
2010-04-24 18:08:26 ----D---- C:\Ad-Remover

======List of files/folders modified in the last 1 months======
2010-05-02 23:33:26 ----D---- C:\WINDOWS\Prefetch
2010-05-02 23:25:39 ----D---- C:\Program Files\Mozilla Firefox
2010-05-02 22:52:46 ----D---- C:\WINDOWS\Temp
2010-05-02 22:50:33 ----D---- C:\WINDOWS\System32\drivers
2010-05-02 22:49:36 ----D---- C:\WINDOWS
2010-05-02 01:47:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-29 19:47:41 ----D---- C:\WINDOWS\System32\CatRoot2
2010-04-29 19:46:03 ----D---- C:\WINDOWS\ERDNT
2010-04-29 19:39:16 ----A---- C:\WINDOWS\system.ini
2010-04-29 19:31:35 ----D---- C:\WINDOWS\System32\config
2010-04-29 19:27:51 ----D---- C:\WINDOWS\system32
2010-04-29 19:27:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-29 19:23:04 ----D---- C:\WINDOWS\AppPatch
2010-04-29 19:22:55 ----D---- C:\Program Files\Fichiers communs
2010-04-29 00:25:06 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-04-27 17:33:17 ----RD---- C:\WINDOWS\Offline Web Pages
2010-04-26 01:32:30 ----RD---- C:\Program Files
2010-04-24 02:01:45 ----SD---- C:\Documents and Settings\Griez\Application Data\Microsoft
2010-04-24 01:32:50 ----D---- C:\WINDOWS\Minidump
2010-04-20 10:14:38 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320]
R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []
R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys []
R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys []
R3 abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys []
R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 USB_RNDIS;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-28 11136]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S3 catchme;catchme; \??\C:\DOCUME~1\Griez\LOCALS~1\Temp\catchme.sys []
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
[2001-08-17 12160] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\System32\ZDCndis5.SYS [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BackWeb Plug-in - 361343;Pack Sécurité; C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE [2008-03-07 32807] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-07 152984] R2 UMWdf;Windows User Mode Driver Framework; 
C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 151552] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768] S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-08-29 24064] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768] -----------------EOF----------------- -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
I do have a qoobox folder with other folders inside it; I have a Notepad file snapshop@ "the date and time of the scan" but it is empty :/ -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
combofix closed and I did not get a report; I went to look on the hard drive, same thing, no report -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
I launched combofix; in the blue window it said attempting to create a new restore point, and after a few minutes it went straight to the scan. edit: the scan took 10 minutes, the machine rebooted and the report has been in the process of being created for 25 minutes -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
TFC cleanup done^^ 2nd AD-R scan.
======= RAPPORT D'AD-REMOVER 2.0.0.0,C | UNIQUEMENT XP/VISTA/7 =======
Lancé à: 00:40:22 le 29/04/2010 | Mode normal | Option: SCAN
[...]
============== E.O.F - SCAN[2] ==============
2nd LOP S&D scan
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
[...]
--------------------\\ Fin du rapport a 3:00:51
the cleanups were done after the scans; I still cannot access the Kaspersky page -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
the info
info.txt logfile of random's system information tool 1.06 2010-04-28 00:03:48
======Uninstall list======
[...]
=====HijackThis Backups=====
[...]
======System event log======
[...]
=====Application event log=====
[...]
======Environment variables======
[...]
-----------------EOF----------------- -
need help. report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
the log
Logfile of random's system information tool 1.06 (written by random/random) Run by Griez at 2010-04-28 00:02:53
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:03:24, on 28/04/2010
[...]
- C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 7059 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Maintenance en 1 clic.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-07 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-07 538008] "F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2006-04-02 458801] "F-Secure Startup Wizard"=C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE [2006-09-01 794624] "F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2006-09-01 671744] "Dog Cool Send Play"=C:\Documents and Settings\All Users\Application Data\Road Inter Dog Cool\Anti Vc.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 163840] "msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2009-09-16 6677872] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Pack 
Sécurité.lnk - C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=1 "DisableTaskMgr"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité" "C:\Program Files\Microsoft Works\WksSb.exe"="C:\Program Files\Microsoft Works\WksSb.exe:*:Enabled:ipsec" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:ipsec" "C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe:*:Enabled:ipsec" "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE:*:Enabled:ipsec" "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe:*:Enabled:ipsec" "C:\Program Files\Microsoft Works\wkfud.exe"="C:\Program Files\Microsoft Works\wkfud.exe:*:Enabled:ipsec" "C:\WINDOWS\System32\dwwin.exe"="C:\WINDOWS\System32\dwwin.exe:*:Enabled:ipsec" "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe:*:Enabled:ipsec" "C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\avc.exe:*:Enabled:ipsec" "C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe"="C:\Program Files\ImTOO\PSP Video Converter 3\videoenc.exe:*:Enabled:ipsec" "C:\Program Files\Search Settings\SearchSettings.exe"="C:\Program Files\Search Settings\SearchSettings.exe:*:Enabled:ipsec" "C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ipsec" "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:ipsec" "C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec" "C:\WINDOWS\system32\CF31222.exe"="C:\WINDOWS\system32\CF31222.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpconq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\etpbsc.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winylwg.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwaldae.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwtopq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lailbp.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winvhkqf.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\dqodq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winjaftx.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tcpiuu.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windpaqb.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winbomxgl.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaxuxcf.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windsxxyi.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winaavawr.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\elmfl.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tyld.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winkvsa.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winoskbf.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\hlete.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\yubad.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vqirmj.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lwfub.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhnxqf.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lawtd.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqhokq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyyvdik.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vbvy.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winuuje.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxaih.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winpxub.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwotkm.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tmwc.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winnpoy.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winymrjn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\geiwnw.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winquomfu.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winytlo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsub.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlkudo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uthv.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winldjdn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winttiquh.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\nbrasv.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winyvvhtg.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\aryug.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrknknw.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winrorix.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\lixlrw.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winukmvav.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\xieq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winfytn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxbou.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlsttr.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxdit.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fkapbs.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\ebdso.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winmrmsb.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwrppg.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winwdfxx.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winolcqa.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winlvqoao.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\fyes.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wintyyv.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\vkml.exe:*:Enabled:ipsec" "C:\Program Files\MSN Messenger\usnsvc.exe"="C:\Program Files\MSN Messenger\usnsvc.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winqbks.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windmbi.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\tohi.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rcyw.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windkxwm.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winhsvwc.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincxwwjh.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winauruu.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\winxjtvwd.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\uqbi.exe:*:Enabled:ipsec" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\rfocn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windvaycr.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\windrnhvx.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\wincrsgdk.exe:*:Enabled:ipsec" "C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe"="C:\DOCUME~1\Griez\LOCALS~1\Temp\mmbl.exe:*:Enabled:ipsec" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité" ======List of files/folders created in the last 1 months====== 2010-04-28 00:02:53 ----D---- C:\rsit 2010-04-26 01:32:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-25 18:29:36 ----D---- C:\tdsskiller 2010-04-24 19:27:46 ----A---- C:\lopR.txt 2010-04-24 19:27:08 ----D---- C:\Lop SD 2010-04-24 18:46:36 ----A---- C:\Ad-Report-CLEAN[1].txt 2010-04-24 18:09:26 ----A---- C:\Ad-Report-SCAN[1].txt 2010-04-24 18:08:26 ----D---- C:\Ad-Remover ======List of files/folders modified in the last 1 months====== 2010-04-28 00:02:39 ----D---- C:\WINDOWS\Prefetch 2010-04-27 23:58:57 ----D---- C:\Program Files\Mozilla Firefox 2010-04-27 19:48:24 ----D---- C:\WINDOWS\Temp 2010-04-27 19:46:03 ----D---- C:\WINDOWS\System32\drivers 2010-04-27 19:43:17 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-26 01:32:30 ----RD---- C:\Program Files 2010-04-24 02:01:45 ----SD---- C:\Documents and Settings\Griez\Application Data\Microsoft 2010-04-24 02:01:44 ----D---- C:\WINDOWS\system32 2010-04-24 02:01:44 ----D---- C:\WINDOWS 2010-04-24 01:32:50 ----D---- C:\WINDOWS\Minidump 2010-04-20 10:14:38 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [] R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys [] R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [] R3 
abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys [] R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 USB_RNDIS;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-28 11136] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 UsbDiag;LGE Mobile USB Serial Port; 
C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\System32\ZDCndis5.SYS [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BackWeb Plug-in - 361343;Pack Sécurité; C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE [2008-03-07 32807] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-07 152984] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 151552] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768] S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-08-29 24064] -----------------EOF----------------- -
Need help. Report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
It lags less, but the antivirus still won't open. I tried an update but the installer crashes, and Task Manager is likewise still blocked. Internet Explorer can't find the Kaspersky page. -
Need help. Report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
after 7 attempts and almost 11 hours of scanning xD

www.malwarebytes.org
Version de la base de données: 4040
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

27/04/2010 17:31:26
mbam-log-2010-04-27 (17-31-26).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 151645
Temps écoulé: 10 heure(s), 41 minute(s), 46 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Griez\Mes documents\alain.griez\ProRat_v1.9\ProRat.exe (Backdoor.ProRat) -> Quarantined and deleted successfully. -
Need help. Report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
mbam just keeps crashing, impossible to run a full scan -
Need help. Report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
the rkill report

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as Griez on 26/04/2010 at 1:05:17.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Griez\Bureau\rkill.com

Rkill completed on 26/04/2010 at 1:05:29. -
Need help. Report inside
bob2N replied to a topic by bob2N in Malware analysis and eradication
I didn't get an update prompt, but this :s the report is empty :/